Instead of spending $1.3 million, the FBI could have hacked the iPhone for just $100

Do you remember the infamous encryption fight between the FBI and Apple over unlocking an iPhone 5C that belonged to a terrorist?

Yes, you got it right, the same Apple vs. FBI case where the FBI paid almost $1.3 Million to a group of hackers to unlock that iPhone.

However, had the agency shown some patience and explored more ways to get into that iPhone, it might have cost them no more than US$100.

Yes, you heard that right. Now anyone can unlock an iPhone for less than $100, something for which the FBI paid more than $1 million.

Cheap Method to Unlock iPhone 5C

Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter’s iPhone 5C.

Dubbed NAND Mirroring, the technique was proposed to the FBI earlier this year, but the agency claimed that the method would not work. “It does not work,” FBI Director James Comey said back in March, and instead paid a hefty amount to a contractor.

In his research paper published on Thursday, Skorobogatov says that the FBI was not only wrong in its assessment of NAND Mirroring, but also spent $1 million of taxpayers’ funds on a case that could have been solved for a few hundred dollars.

Here’s How the Researcher Unlocked iPhone 5C:

The NAND Mirroring technique “does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors,” writes Skorobogatov.

During his test, Skorobogatov used store-bought equipment, stripped down an iPhone 5C running iOS 9.3, carefully removed the NAND memory chip from the phone’s circuit board, and copied its data to a special test board many times over.

The researcher then used automated software to brute-force the passcode until he found the correct code. He says it takes around 20 hours to brute-force a four-digit passcode, while a six-digit one would take a few weeks.
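To make the mechanism concrete, here is an added toy model in Python (not Skorobogatov's code and not any real iOS component): a passcode-retry counter kept on the same flash that can be imaged and written back is reset by every restore, whereas a counter kept outside the mirrored medium is not. The `Nand`, `Phone`, `MAX_ATTEMPTS` and `mirror_bruteforce` names and the PBKDF2 stand-in for the passcode derivation are constructed assumptions for the illustration.

```python
import hashlib
import os

class Nand:
    """Removable flash: an attacker can image its contents and write them back."""
    def __init__(self, salt, digest):
        self.data = {"salt": salt, "digest": digest, "failed_attempts": 0}
    def image(self):            # mirroring primitive: copy the chip contents
        return dict(self.data)
    def restore(self, img):     # mirroring primitive: write a saved copy back
        self.data = dict(img)

class Phone:
    MAX_ATTEMPTS = 10           # wipe after this many failed passcodes
    def __init__(self, passcode, counter_in_nand=True):
        salt = os.urandom(8)
        self.nand = Nand(salt, self._kdf(salt, passcode))
        self.counter_in_nand = counter_in_nand
        self.secure_counter = 0  # stands in for a counter the mirroring cannot reach
    @staticmethod
    def _kdf(salt, code):       # toy stand-in for the passcode key derivation
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100)
    def failed(self):
        return self.nand.data["failed_attempts"] if self.counter_in_nand else self.secure_counter
    def try_passcode(self, code):
        if self.failed() >= self.MAX_ATTEMPTS:
            raise RuntimeError("device wiped")
        if self._kdf(self.nand.data["salt"], code) == self.nand.data["digest"]:
            return True
        if self.counter_in_nand:
            self.nand.data["failed_attempts"] += 1
        else:
            self.secure_counter += 1
        return False

def mirror_bruteforce(phone, digits=4):
    """Try every code; before the wipe limit, write the saved NAND image back.
    Returns (recovered passcode or None, number of NAND restores performed)."""
    snapshot = phone.nand.image()
    restores = 0
    for n in range(10 ** digits):
        if phone.failed() >= phone.MAX_ATTEMPTS:   # counter lived outside the NAND
            return None, restores
        code = f"{n:0{digits}d}"
        if phone.try_passcode(code):
            return code, restores
        if phone.nand.data["failed_attempts"] >= phone.MAX_ATTEMPTS - 1:
            phone.nand.restore(snapshot)           # mirroring step: counter back to 0
            restores += 1
    return None, restores
```

With the counter on the mirrored flash the search walks through every code, paying one restore per nine failures; with the counter elsewhere the same search stops at the tenth failure, which is the design property that makes the retry limit meaningful.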

“This is the first public demonstration of…the real hardware mirroring process for iPhone 5C,” Skorobogatov writes. “Any attacker with sufficient technical skills could repeat the experiments.”

So far, the FBI and Apple have not commented on Skorobogatov’s research.

The Method Works on iPhone 5S and iPhone 6 Devices

Besides the iPhone 5C, his attack also works on iPhone 5S and iPhone 6 devices that use the same type of NAND flash memory. The attack can also be adapted to other iPhones that use different NAND chips.

For more technical details about this technique for bypassing the iPhone’s passcode security limit, you can refer to his research paper.

You can also watch the video demonstration, in which Skorobogatov explains the NAND Mirroring technique.